Accept MaD sanitizers for queries with MaD sinks

Author: owen-mc

ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll

@@ -118,4 +118,8 @@ module CodeInjection {
   private class ExternalCodeInjectionSink extends Sink {
     ExternalCodeInjectionSink() { ModelOutput::sinkNode(this, "code-injection") }
   }
+
+  private class ExternalCodeInjectionSanitizer extends Sanitizer {
+    ExternalCodeInjectionSanitizer() { ModelOutput::barrierNode(this, "code-injection") }
+  }
 }

ruby/ql/lib/codeql/ruby/security/CommandInjectionCustomizations.qll

@@ -57,4 +57,8 @@ module CommandInjection {
   private class ExternalCommandInjectionSink extends Sink {
     ExternalCommandInjectionSink() { ModelOutput::sinkNode(this, "command-injection") }
   }
+
+  private class ExternalCommandInjectionSanitizer extends Sanitizer {
+    ExternalCommandInjectionSanitizer() { ModelOutput::barrierNode(this, "command-injection") }
+  }
 }

ruby/ql/lib/codeql/ruby/security/LogInjectionQuery.qll

@@ -67,6 +67,10 @@ class HtmlEscapingAsSanitizer extends Sanitizer {
   HtmlEscapingAsSanitizer() { this = any(HtmlEscaping esc).getOutput() }
 }
 
+private class ExternalLogInjectionSanitizer extends Sanitizer {
+  ExternalLogInjectionSanitizer() { ModelOutput::barrierNode(this, "log-injection") }
+}
+
 private module LogInjectionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

ruby/ql/lib/codeql/ruby/security/PathInjectionCustomizations.qll

@@ -57,4 +57,8 @@ module PathInjection {
   private class ExternalPathInjectionSink extends Sink {
     ExternalPathInjectionSink() { ModelOutput::sinkNode(this, "path-injection") }
   }
+
+  private class ExternalPathInjectionSanitizer extends Sanitizer {
+    ExternalPathInjectionSanitizer() { ModelOutput::barrierNode(this, "path-injection") }
+  }
 }

ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll

@@ -46,4 +46,8 @@ module ServerSideRequestForgery {
   private class ExternalRequestForgerySink extends Sink {
     ExternalRequestForgerySink() { ModelOutput::sinkNode(this, "request-forgery") }
   }
+
+  private class ExternalRequestForgerySanitizer extends Sanitizer {
+    ExternalRequestForgerySanitizer() { ModelOutput::barrierNode(this, "request-forgery") }
+  }
 }

ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll

@@ -61,4 +61,8 @@ module SqlInjection {
   private class ExternalSqlInjectionSink extends Sink {
     ExternalSqlInjectionSink() { ModelOutput::sinkNode(this, "sql-injection") }
   }
+
+  private class ExternalSqlInjectionSanitizer extends Sanitizer {
+    ExternalSqlInjectionSanitizer() { ModelOutput::barrierNode(this, "sql-injection") }
+  }
 }

ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll

@@ -125,6 +125,10 @@ module UrlRedirect {
    */
   class StringInterpolationAsSanitizer extends PrefixedStringInterpolation, Sanitizer { }
 
+  private class ExternalUrlRedirectSanitizer extends Sanitizer {
+    ExternalUrlRedirectSanitizer() { ModelOutput::barrierNode(this, "url-redirection") }
+  }
+
   /**
    * These methods return a new `ActionController::Parameters` or a `Hash` containing a subset of
    * the original values. This may still contain user input, so the results are tainted.